Healthcare.gov: Personal Information Was Never Compromised

There have been no successful security attacks to the Healthcare.gov website, according to a statement released Friday. A memo to Democratic Committee members by Representatives Henry Waxman (D-Calif. ), and Diana DeGette (D-Colo.) informs members on what Health and Human Services officials made known during a non-classified portion of a briefing.

Thirty-two incidents occurred, eleven of which are still under investigation. Three were considered “non-incidents,” fifteen happened when an individual accidentally gained access to information, two violated acceptable use computing policies, and one unsuccessfully attempted to scan the system.

There was never a significant breach of personal information following any of the incidents according to HHS. The system is still being continuously monitored to ensure private data is not shared and security is not breached. Bloomberg carried a portion of Waxman’s memo. “No person or group has hacked into Healthcare.gov, and no person or group has maliciously accessed any personally identifiable information from users,” Waxman wrote.

In November, four witnesses appeared before the House Committee on Science, Space, and Technology to give opinions on the security of Healthcare.gov. David Kennedy, head of computer security consulting firm TrustedSec, was particularly vocal about concerns he saw with the security of the website.

The Hill reports that prior to the website, there were few protections in place, or security checks conducted, ahead of the launch. Morgan Wright, an expert in cyber-security who also testified in November, said large-scale fraud was possible because of the technical difficulties. “It is inconceivable that there could have been a comprehensive security review if they were still making major changes and substantial changes to it one or two days before,” Wright said.

On Thursday, Kathleen Sebelius announced a number of initiatives to build on the progress of HealthCare.gov. In addition to appointing a risk officer, a new full-time position for the Centers of Medicare and Medicaid Services, she has ordered the Inspector General to review the site’s development.